Re: [mailop] 0spam.org DNSBL SERVFAIL
On 14/11/2021 20:02, Simon Arlott via mailop wrote:

> On 12/11/2021 18:56, Slavko via mailop wrote:
>
> > I am using bl.0spam.org and nbl.0spam.org RBLs in my custom RBL check
> > script, but in more days their DNS server returns SERVFAIL.
> >
> > Please, are these RBL gone or it is only mistake in its configuration?
>
> The DNSSEC RRSIG for the SOA RR is out of date, so all NXDOMAIN (not
> found) responses will fail to validate:
> https://dnsviz.net/d/1.0.0.127.bl.0spam.org/dnssec/
>
> In this case, the signature is for the SOA with serial 2021110401 but
> the current SOA serial is 2021110501:
> https://gist.github.com/nomis/239c16f5f2321600e9397933b193d955
>
> You can request data even if it doesn't validate by using "dig +dnssec +cd":
>
> 0spam.org. 56 IN SOA ns1.0spam.org. sa.0spam.org. (
>         2021110501 ; serial
>         10800      ; refresh (3 hours)
>         3600       ; retry (1 hour)
>         1209600    ; expire (2 weeks)
>         3600       ; minimum (1 hour)
>         )
> 0spam.org. 56 IN RRSIG SOA 8 2 10800 (
>         20211219192545 20211104182545 53779 0spam.org.
>         rSfVa/1fDI+075D0UmXxiJJ2o8OJ37cszPhrtuvADk0e
>         OtNtfVH4q+vTP2mIVZKq3/DeE7aDFSiQNrL4rSoeubvq
>         +CmD6ACJ+vBW1hvw2teQgtTAV7CmIZgRbA+AJeHNOb9J
>         32U0hBWUs+s7hWyfjy7GLd3qLe13xBYajJeKLrw= )
> 0spam.org. 3566 IN DNSKEY 256 3 8 (
>         AwEAAa4Y6IcV8Aa47O2aJAciBJ+ys9r+ycnpR5nhWWOC
>         DHCXuLAUQZFWf9LbbNs1z2YrYuvpMhY424AK9nqkbBZl
>         9mTd+2suXd4PpKSK4AJ4YdA+WkOVF4O2zvQUzseYjAQh
>         fMaSlT7BwmVE1myRAn+x9gysJ+mBsHTiBvGxDgMAGnhf
>         ) ; ZSK; alg = RSASHA256 ; key id = 53779

https://zonecheck.org/result/99fbf54020a2b9a9

Seems they have an issue or 2 with dnssec

--
Regards,
Noel Butler

This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the author's express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
Re: [mailop] 0spam.org DNSBL SERVFAIL
Hi,

On Sun, 14 Nov 2021 10:02:31 +, Simon Arlott via mailop wrote:

> In this case, the signature is for the SOA with serial 2021110401 but
> the current SOA serial is 2021110501:
> https://gist.github.com/nomis/239c16f5f2321600e9397933b193d955

Please, I am curious, how did you get the original (validating) SOA serial?

--
Slavko
https://www.slavino.sk
Re: [mailop] 0spam.org DNSBL SERVFAIL
On 14/11/2021 18:31, Slavko via mailop wrote:

> dig 1.0.0.127.bl.0spam.org
>
> ; <<>> DiG 9.17.19-1-Debian <<>> 1.0.0.127.bl.0spam.org
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48097
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ;; QUESTION SECTION:
> ;1.0.0.127.bl.0spam.org. IN A
>
> ;; Query time: 1740 msec
> ;; SERVER: 192.168.10.13#53(192.168.10.13) (UDP)
> ;; WHEN: Sun Nov 14 09:29:50 CET 2021
> ;; MSG SIZE rcvd: 51

dig 1.0.0.127.bl.0spam.org

; <<>> DiG 9.11.34 <<>> 1.0.0.127.bl.0spam.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32988
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 6cecf7e7919b888b01006190e2b03fc3fc671e57ffcd (good)
;; QUESTION SECTION:
;1.0.0.127.bl.0spam.org. IN A

;; AUTHORITY SECTION:
0spam.org. 3600 IN SOA ns1.0spam.org. sa.0spam.org. 2021110501 10800 3600 1209600 3600

;; Query time: 1169 msec
;; SERVER: 10.10.0.254#53(10.10.0.254)
;; WHEN: Sun Nov 14 20:19:28 AEST 2021
;; MSG SIZE rcvd: 131

--
Regards,
Noel Butler
Re: [mailop] 0spam.org DNSBL SERVFAIL
On 12/11/2021 18:56, Slavko via mailop wrote:

> I am using bl.0spam.org and nbl.0spam.org RBLs in my custom RBL check
> script, but in more days their DNS server returns SERVFAIL.
>
> Please, are these RBL gone or it is only mistake in its configuration?

The DNSSEC RRSIG for the SOA RR is out of date, so all NXDOMAIN (not
found) responses will fail to validate:
https://dnsviz.net/d/1.0.0.127.bl.0spam.org/dnssec/

In this case, the signature is for the SOA with serial 2021110401 but
the current SOA serial is 2021110501:
https://gist.github.com/nomis/239c16f5f2321600e9397933b193d955

You can request data even if it doesn't validate by using "dig +dnssec +cd":

0spam.org. 56 IN SOA ns1.0spam.org. sa.0spam.org. (
        2021110501 ; serial
        10800      ; refresh (3 hours)
        3600       ; retry (1 hour)
        1209600    ; expire (2 weeks)
        3600       ; minimum (1 hour)
        )
0spam.org. 56 IN RRSIG SOA 8 2 10800 (
        20211219192545 20211104182545 53779 0spam.org.
        rSfVa/1fDI+075D0UmXxiJJ2o8OJ37cszPhrtuvADk0e
        OtNtfVH4q+vTP2mIVZKq3/DeE7aDFSiQNrL4rSoeubvq
        +CmD6ACJ+vBW1hvw2teQgtTAV7CmIZgRbA+AJeHNOb9J
        32U0hBWUs+s7hWyfjy7GLd3qLe13xBYajJeKLrw= )
0spam.org. 3566 IN DNSKEY 256 3 8 (
        AwEAAa4Y6IcV8Aa47O2aJAciBJ+ys9r+ycnpR5nhWWOC
        DHCXuLAUQZFWf9LbbNs1z2YrYuvpMhY424AK9nqkbBZl
        9mTd+2suXd4PpKSK4AJ4YdA+WkOVF4O2zvQUzseYjAQh
        fMaSlT7BwmVE1myRAn+x9gysJ+mBsHTiBvGxDgMAGnhf
        ) ; ZSK; alg = RSASHA256 ; key id = 53779

--
Simon Arlott
Re: [mailop] 0spam.org DNSBL SERVFAIL
Hi,

On Sun, 14 Nov 2021 10:40:01 +1000, Noel Butler via mailop wrote:

> On 13/11/2021 21:58, Renaud Allard via mailop wrote:
>
> > It fails here too
> >
> > # time dig 2.0.0.127.bl.0spam.org
> >
> > ; <<>> dig 9.10.8-P1 <<>> 2.0.0.127.bl.0spam.org
> > ;; global options: +cmd
> > ;; connection timed out; no servers could be reached
> > 0m15.04s real 0m00.01s user 0m00.01s system
>
> ~# dig 2.0.0.127.bl.0spam.org
>
> ; <<>> DiG 9.16.22 <<>> 2.0.0.127.bl.0spam.org
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58252
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL:

dig 2.0.0.127.bl.0spam.org

; <<>> DiG 9.17.19-1-Debian <<>> 2.0.0.127.bl.0spam.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37343
^^^
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;2.0.0.127.bl.0spam.org. IN A

;; ANSWER SECTION:
2.0.0.127.bl.0spam.org. 900 IN A 127.0.0.2

;; Query time: 0 msec
;; SERVER: 192.168.10.13#53(192.168.10.13) (UDP)
;; WHEN: Sun Nov 14 09:29:41 CET 2021
;; MSG SIZE rcvd: 67

dig 1.0.0.127.bl.0spam.org

; <<>> DiG 9.17.19-1-Debian <<>> 1.0.0.127.bl.0spam.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48097
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;1.0.0.127.bl.0spam.org. IN A

;; Query time: 1740 msec
;; SERVER: 192.168.10.13#53(192.168.10.13) (UDP)
;; WHEN: Sun Nov 14 09:29:50 CET 2021
;; MSG SIZE rcvd: 51

regards

--
Slavko
https://www.slavino.sk
Re: [mailop] 0spam.org DNSBL SERVFAIL
On 13/11/2021 21:58, Renaud Allard via mailop wrote:

> It fails here too
>
> # time dig 2.0.0.127.bl.0spam.org
>
> ; <<>> dig 9.10.8-P1 <<>> 2.0.0.127.bl.0spam.org
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
> 0m15.04s real 0m00.01s user 0m00.01s system

~# dig 2.0.0.127.bl.0spam.org

; <<>> DiG 9.16.22 <<>> 2.0.0.127.bl.0spam.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58252
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 4cefd8603a6ecf1c0100619059ee80bbc9a8db3121ed (good)
;; QUESTION SECTION:
;2.0.0.127.bl.0spam.org. IN A

;; ANSWER SECTION:
2.0.0.127.bl.0spam.org. 10800 IN A 127.0.0.2

;; Query time: 3047 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Nov 14 10:35:58 AEST 2021
;; MSG SIZE rcvd: 95

--
Regards,
Noel Butler
Re: [mailop] 0spam.org DNSBL SERVFAIL
Hi,

On Fri, 12 Nov 2021 16:15:34 -0600, Jarland Donnell via mailop wrote:

> This is who runs it: https://area51services.com/

I tried to report problem to them via contact form, but they require phone number, which I am not willing to provide them and form doesn't accept the fake one (or I do not know how to properly fake it).

I will just ignore their errors and perhaps whole RBL after some time, it is not crucial for me.

regards

--
Slavko
https://www.slavino.sk
Re: [mailop] 0spam.org DNSBL SERVFAIL
On 13/11/2021 01:59, John Levine via mailop wrote:

> It appears that Slavko via mailop said:
>
> > Hi,
> >
> > I am using bl.0spam.org and nbl.0spam.org RBLs in my custom RBL check
> > script, but in more days their DNS server returns SERVFAIL.
>
> When I do an A lookup on bl.0spam.org or 2.0.0.127.bl.0spam.org it works fine, valid DNSSEC.
>
> Where are you looking for an SOA, and why?

It fails here too

# time dig 2.0.0.127.bl.0spam.org

; <<>> dig 9.10.8-P1 <<>> 2.0.0.127.bl.0spam.org
;; global options: +cmd
;; connection timed out; no servers could be reached
0m15.04s real 0m00.01s user 0m00.01s system

Nov 13 12:56:50 isildur unbound: [26499:2] info: 127.0.0.1 2.0.0.127.bl.0spam.org. A IN SERVFAIL 15.810396 0 51
Nov 13 12:56:50 isildur unbound: [26499:2] info: 127.0.0.1 2.0.0.127.bl.0spam.org. A IN SERVFAIL 59.511577 0 40
Re: [mailop] 0spam.org DNSBL SERVFAIL
Hi,

On 12 Nov 2021 19:59:11 -0500, John Levine via mailop wrote:

> When I do an A lookup on bl.0spam.org or 2.0.0.127.bl.0spam.org it
> works fine, valid DNSSEC.

Yes, this works for me too with positive answer, but fails for NXDOMAIN answers, see below.

> Where are you looking for an SOA, and why?

When I ask not listed IP (real example IP here), it returns SOA in AUTHORITY section in case NXDOMAIN (without validating):

dig 62.82.187.80.bl.0spam.org +cdflag

; <<>> DiG 9.17.19-1-Debian <<>> 62.82.187.80.bl.0spam.org +cdflag
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36826
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;62.82.187.80.bl.0spam.org. IN A

;; AUTHORITY SECTION:
0spam.org. 900 IN SOA ns1.0spam.org. sa.0spam.org. 2021110501 10800 3600 1209600 3600

;; Query time: 0 msec
;; SERVER: 192.168.10.13#53(192.168.10.13) (UDP)
;; WHEN: Sat Nov 13 11:11:29 CET 2021
;; MSG SIZE rcvd: 97

The same with validation:

dig 62.82.187.80.bl.0spam.org

; <<>> DiG 9.17.19-1-Debian <<>> 62.82.187.80.bl.0spam.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53811
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;62.82.187.80.bl.0spam.org. IN A

;; Query time: 0 msec
;; SERVER: 192.168.10.13#53(192.168.10.13) (UDP)
;; WHEN: Sat Nov 13 11:14:27 CET 2021
;; MSG SIZE rcvd: 54

And unbound logs:

info: validation failure <80.bl.0spam.org. A IN>: signature crypto failed from 208.92.158.10 for <0spam.org. SOA IN>
info: validation failure <187.80.bl.0spam.org. A IN>: signature crypto failed from 208.92.158.10 for <0spam.org. SOA IN>
info: validation failure <62.82.187.80.bl.0spam.org. A IN>: signature crypto failed from 208.92.158.10 for <0spam.org. SOA IN>
info: validation failure <82.187.80.bl.0spam.org. A IN>: signature crypto failed from 208.92.158.10 for <0spam.org. SOA IN>

regards

--
Slavko
https://www.slavino.sk
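
Added example, not part of any message in this thread: a sketch of how an RBL check script could read dig's output so that SERVFAIL or a timeout is reported as a resolver error rather than as "not listed", and how repeating the query with +cd points to a likely DNSSEC validation failure. The function names `classify` and `diagnose` are hypothetical, and the sample outputs are constructed by trimming the dig output quoted in this thread.

```python
import ipaddress
import re

STATUS_RE = re.compile(r"status: ([A-Z]+)")
A_RECORD_RE = re.compile(r"^\S+\s+\d+\s+IN\s+A\s+(\S+)\s*$", re.M)
DNSBL_NET = ipaddress.ip_network("127.0.0.0/8")  # conventional DNSBL return-code range

def classify(dig_output):
    """Map the text printed by one `dig <reversed-ip>.<zone>` to (verdict, detail)."""
    m = STATUS_RE.search(dig_output)
    if m is None:  # e.g. ";; connection timed out; no servers could be reached"
        return ("error", "no response")
    status = m.group(1)
    if status == "NXDOMAIN":
        return ("not_listed", status)
    if status == "NOERROR":
        codes = [a for a in A_RECORD_RE.findall(dig_output)
                 if ipaddress.ip_address(a) in DNSBL_NET]
        if codes:
            return ("listed", codes[0])
        return ("error", "NOERROR without a 127.0.0.0/8 answer")
    # SERVFAIL, REFUSED, ...: the resolver failed; this says nothing about the IP.
    return ("error", status)

def diagnose(validating_output, cd_output):
    """Compare a normal query with the same query sent with +cd (checking disabled)."""
    normal, unchecked = classify(validating_output), classify(cd_output)
    if normal == ("error", "SERVFAIL") and unchecked[0] != "error":
        return ("dnssec_validation_failure", unchecked)
    return normal

# Constructed samples, trimmed from the dig output quoted in this thread.
LISTED = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37343
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;2.0.0.127.bl.0spam.org. IN A
;; ANSWER SECTION:
2.0.0.127.bl.0spam.org. 900 IN A 127.0.0.2
"""
SERVFAIL = """;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53811
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
"""
NXDOMAIN_CD = """;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36826
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
0spam.org. 900 IN SOA ns1.0spam.org. sa.0spam.org. 2021110501 10800 3600 1209600 3600
"""
TIMEOUT = ";; connection timed out; no servers could be reached\n"

if __name__ == "__main__":
    for name, text in [("listed", LISTED), ("servfail", SERVFAIL), ("timeout", TIMEOUT)]:
        print(name, classify(text))
    print("pair", diagnose(SERVFAIL, NXDOMAIN_CD))
```
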
Re: [mailop] 0spam.org DNSBL SERVFAIL
It appears that Slavko via mailop said:

>Hi,
>
>I am using bl.0spam.org and nbl.0spam.org RBLs in my custom RBL check
>script, but in more days their DNS server returns SERVFAIL.

When I do an A lookup on bl.0spam.org or 2.0.0.127.bl.0spam.org it works fine, valid DNSSEC.

Where are you looking for an SOA, and why?

R's,
John
Re: [mailop] 0spam.org DNSBL SERVFAIL
On 12 November 2021 22:15:34 UTC, Jarland Donnell via mailop wrote:

>This is who runs it: https://area51services.com/

Thanks

Slavko
Re: [mailop] 0spam.org DNSBL SERVFAIL
This is who runs it: https://area51services.com/

On 2021-11-12 16:02, Slavko via mailop wrote:

> On 12 November 2021 20:30:25 UTC, Michael Peddemors via mailop wrote:
>
> > If you check mxtoolbox or hetrixtools, and see an IP listed, but you
> > don't see it listed in your queries, or blocked/flagged by the chosen
> > RBL, it is most likely a DNS problem.
> >
> > Many open resolvers are blocked by many RBL's..
>
> Your crystal ball is broken, consider to get new one ;-)
>
> > (IT's DNS, it's always DNS)
>
> More specific, MY recursive & validating DNS server reports that it is
> DNSSEC problem with their SOA signature.
>
> I cannot find contact address on their site, thus I ask here...
>
> Slavko
Re: [mailop] 0spam.org DNSBL SERVFAIL
On 12 November 2021 20:30:25 UTC, Michael Peddemors via mailop wrote:

>If you check mxtoolbox or hetrixtools, and see an IP listed, but you
>don't see it listed in your queries, or blocked/flagged by the chosen
>RBL, it is most likely a DNS problem.
>
>Many open resolvers are blocked by many RBL's..

Your crystal ball is broken, consider to get new one ;-)

>(IT's DNS, it's always DNS)

More specific, MY recursive & validating DNS server reports that it is DNSSEC problem with their SOA signature.

I cannot find contact address on their site, thus I ask here...

Slavko
Re: [mailop] 0spam.org DNSBL SERVFAIL
No matter WHAT rbl you choose (no pitching ;) make sure you are aware of WHAT dns servers you are using.

If you check mxtoolbox or hetrixtools, and see an IP listed, but you don't see it listed in your queries, or blocked/flagged by the chosen RBL, it is most likely a DNS problem.

Many open resolvers are blocked by many RBL's..

(IT's DNS, it's always DNS)

On 2021-11-12 10:56 a.m., Slavko via mailop wrote:

> Hi,
>
> I am using bl.0spam.org and nbl.0spam.org RBLs in my custom RBL check
> script, but in more days their DNS server returns SERVFAIL.
>
> Please, are these RBL gone or it is only mistake in its configuration?
>
> regards

--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company.
[mailop] 0spam.org DNSBL SERVFAIL
Hi,

I am using bl.0spam.org and nbl.0spam.org RBLs in my custom RBL check script, but in more days their DNS server returns SERVFAIL.

Please, are these RBL gone or it is only mistake in its configuration?

regards

--
Slavko
https://www.slavino.sk